Privacy Policy for NSDigital Consulting
Effective Date:
1. Introduction
NSDigital Consulting (“NSDigital Consulting,” “the Company”) is committed to safeguarding the privacy of individuals (“Data Subject,” “User”) who visit and interact with its website, https://nsdigitalconsulting.com/ (the “Website”). This Privacy Policy is formulated to delineate the manner in which NSDigital Consulting collects, utilizes, discloses, processes, and protects Personal Information. This commitment is undertaken in strict compliance with the Protection of Personal Information Act, 4 of 2013 (“POPIA”) of South Africa, and other relevant data protection legislation.1
In adopting this Privacy Policy, NSDigital Consulting aims to strike a balance between its legitimate business interests and the reasonable expectation of privacy held by users of the Website.3 POPIA mandates that data subjects are provided with a clear and accessible privacy policy outlining data handling practices.1 Therefore, this document serves to fulfill these transparency obligations, ensuring that users are fully informed about how their Personal Information is managed. Users are strongly encouraged to read this Privacy Policy meticulously to understand their rights concerning their Personal Information and the practices NSDigital Consulting adheres to in its processing. The establishment of a clear legal framework (POPIA) and a proactive stance on privacy from the outset is intended to build user trust and set clear expectations regarding data management practices. This directly addresses the “Openness” principle fundamental to POPIA.1
2. About Us / Responsible Party
The entity responsible for the collection and processing of Personal Information through this Website is:
- Name: NSDigital Consulting
- Office Location: Claremont, Cape Town, South Africa 5
In the context of POPIA, NSDigital Consulting is designated as the “Responsible Party.” This means that NSDigital Consulting determines the purpose for which Personal Information is collected via the Website and the means by which this information is processed.6 Clearly identifying the Responsible Party is a foundational requirement under POPIA, directly linked to the principle of “Accountability”.1 This identification is crucial for data subjects to understand who is accountable for their data and to whom they should direct any queries or requests regarding their Personal Information.
3. Personal Information We Collect
NSDigital Consulting collects Personal Information through various interactions with the Website. The types of Personal Information collected are detailed below. It is important to note that POPIA defines “Personal Information” broadly, encompassing any information relating to an identifiable, living, natural person, and where applicable, an identifiable, existing juristic person.1
3.1. Information Provided Directly by the User
NSDigital Consulting collects Personal Information that users voluntarily provide when they:
- Utilize the “Get a quote” form:
- Email address (Required)
- Phone number
- Website address
- Company name
- Information provided in the field “If other, please explain your interest”
- Information provided in the field “Questions or additional information”.7 Even if “Company” or “Website” appears to be business-related, if it can be linked to a sole proprietor or an identifiable individual within a small partnership, it may constitute Personal Information under POPIA.
- Initiate direct contact:
- Telephone number: +27 64 511 9706 [5]
- Email address: nicholas@nsdigitalconsulting.com [5]
- Any other Personal Information disclosed during such communications.
NSDigital Consulting attempts to limit the types of Personal Information processed to only that to which the user consents in the context of their interaction.3 The collection of “special personal information,” as defined by POPIA (including, but not limited to, information concerning race, ethnic origin, religious or philosophical beliefs, health, or sex life) 1, is not an intentional practice of NSDigital Consulting through standard website operations. Such information will not be collected, used, or disclosed except with the user’s specific, informed consent for a clearly defined purpose, or in circumstances expressly permitted by law.3 Should a user voluntarily provide such information, for instance, in an open text field, NSDigital Consulting will handle it with the heightened sensitivity and safeguards required by POPIA.
3.2. Information Collected Automatically (Log Data, Cookies)
When users access the Website, certain information may be collected automatically by servers or through the use of tracking technologies like cookies. This information typically includes:
- Internet Protocol (IP) address
- Browser type and version
- Operating system
- Referring URLs (the website from which the user visited)
- Pages viewed on the Website
- Date and time of access 3
- Name of the Internet Service Provider (ISP)
Further details regarding the use of cookies and other tracking technologies are provided in Section 6 (“Cookies and Tracking Technologies”) of this Privacy Policy.
The following table summarizes the categories of Personal Information collected:
Table 1: Personal Information Collected
Category of Personal Information | Specific Data Points | How We Collect It |
Contact Information | Email address, Phone number | “Get a quote” form 7, Direct email/phone contact 5 |
Business/Inquiry Details | Company name, Website address, “If other, please explain your interest,” “Questions or additional information” | “Get a quote” form 7 |
Technical Information | IP address, Browser type, Operating system, Referring URLs, Pages viewed, Dates/times of access | Automated server logs, Cookies (subject to cookie audit and consent preferences) 3 |
This detailed listing ensures that NSDigital Consulting acknowledges the full scope of its collection activities and applies POPIA principles accordingly, adhering to the “Processing limitation” principle by collecting only what is adequate, relevant, and not excessive for the stated purposes.1
4. How We Use Your Personal Information (Purpose Specification)
NSDigital Consulting processes Personal Information for specific, explicit, and legitimate purposes. The Personal Information collected is used as follows:
- To Respond to Inquiries and Provide Information: To address queries submitted via the “Get a quote” form or through direct email or telephone contact, and to provide information about NSDigital Consulting’s services as requested.5 For example, a phone number or email address is used to contact the user regarding their quote request, while company and website details help in understanding the context of the inquiry.
- To Provide Consulting Services: To deliver digital consulting services when a user engages NSDigital Consulting for such purposes.
- To Communicate: To send administrative communications regarding user requests, service updates, or changes to terms and policies.
- To Operate and Improve the Website: To maintain the functionality of the Website, enhance user experience, and develop new services or features. This aligns with legitimate business purposes.9
- For Internal Record-Keeping: For administrative and internal record-keeping requirements.
- To Comply with Legal Obligations: To adhere to applicable laws, regulations, legal processes, or enforceable governmental requests.
NSDigital Consulting is committed to the POPIA principle of “Purpose Specification,” ensuring that Personal Information is collected and processed only for lawful and clearly defined purposes of which the data subject is made aware.1 Personal Information will not be processed for any purpose incompatible with the original purpose of collection unless further consent is obtained or such further processing is compatible with the initial purpose or permitted by law (the “Further processing limitation” principle under POPIA).1
Regarding Direct Marketing: NSDigital Consulting will not use Personal Information for unsolicited direct marketing through electronic communications (such as email or SMS) unless the user has provided explicit, opt-in consent. If the user is an existing customer, they may receive marketing communications regarding similar services, but will always be provided with a clear and easy way to object to (opt-out of) such marketing at the time of collection and in every subsequent communication.2 This respects the data subject’s right not to have their personal information processed for direct marketing by unsolicited electronic communications.2
5. Legal Basis for Processing Your Personal Information
The processing of Personal Information by NSDigital Consulting is grounded on one or more of the following lawful bases as stipulated by POPIA 1:
- Consent: Processing is undertaken when the data subject has provided explicit and informed consent for their Personal Information to be processed for one or more specific purposes.1 For instance, submitting the “Get a quote” form implies consent for the processing of the provided information to generate and communicate that quote. POPIA requires consent to be a voluntary, specific, and informed expression of will.1
- Contractual Necessity: Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject prior to entering into a contract.2 For example, if a user engages NSDigital Consulting for services, their Personal Information will be processed to fulfill the terms of that service agreement.
- Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by NSDigital Consulting or by a third party to whom the information is disclosed, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of Personal Information.9 Examples include improving website functionality, internal administration, or ensuring network security.
- Legal Obligation: Processing is necessary for compliance with a legal obligation to which NSDigital Consulting is subject.
Relying solely on “consent” for all processing activities can be precarious, as consent can be withdrawn at any time.1 Therefore, identifying and articulating other applicable legal bases, such as contractual necessity for service delivery or legitimate interests for website analytics and improvement, provides a more robust and comprehensive framework for compliance. This demonstrates a thorough understanding of POPIA’s requirements for lawful processing and offers greater clarity to users regarding the justification for various data processing activities.
6. Cookies and Tracking Technologies
6.1. What are Cookies?
Cookies are small text files containing a string of characters that are placed on a user’s computer or mobile device by websites they visit. These files allow a website to recognize a user’s device on subsequent visits, remember preferences, and enhance user experience.10 Cookies can be “session cookies” (which expire once the browser is closed) or “persistent cookies” (which remain on the device for a set period or until deleted).3
6.2. How NSDigital Consulting Uses Cookies
NSDigital Consulting may use cookies and similar tracking technologies for various purposes. It is imperative to note that a comprehensive cookie audit of https://nsdigitalconsulting.com/ is required to provide an exhaustive and accurate list of all cookies in use. Without such an audit, the information below is general and illustrative. POPIA applies to online identifiers, which include many types of cookies, and requires consent for the processing of Personal Information collected by non-essential cookies.11
Potential categories of cookies that might be used include:
- Essential/Strictly Necessary Cookies: These are vital for the basic operation of the Website, enabling core functionalities like navigation and access to secure areas. The Website cannot function properly without these cookies.
- Analytical/Performance Cookies: These cookies collect information about how users interact with the Website, such as which pages are visited most often, the time spent on pages, and any error messages encountered. This data is used to improve the Website’s performance and user experience (e.g., Google Analytics).
- Functional Cookies: These cookies allow the Website to remember choices users make (such as username, language, or region) and provide enhanced, more personalized features.
- Marketing Cookies: These cookies are used to track visitors across websites with the intention of displaying ads that are relevant and engaging for the individual user. (Note: NSDigital Consulting must confirm if such cookies are in use and ensure explicit consent is obtained).
The Website is built on WordPress and may embed content from services like YouTube, which can also set cookies. WordPress itself may use cookies for core functionality, such as managing user sessions for administrators or remembering commenter details. Embedded YouTube videos can set cookies to track viewing statistics, store user preferences (like volume or video quality), and potentially deliver targeted advertising through Google’s network. 12
The Website may also use third-party cookies, which are set by a domain other than the one being visited by the user (e.g., cookies from embedded content providers or advertising networks). It has been observed that a significant percentage of cookies can be secretly loaded by other third-party cookies, underscoring the need for a thorough audit.12
6.3. Your Cookie Choices / Managing Cookies
Users must be informed about each cookie or web technology separately to ensure specific and granular consent for each cookie objective.11 POPIA mandates that no non-essential cookies should be loaded until users have given valid consent, typically through a cookie consent banner or management tool.11 This consent must be freely given, specific, informed, and unambiguous, and it must be as easy to withdraw consent as it is to give it.
Users can typically manage their cookie preferences through:
- Cookie Consent Banner/Tool: If implemented on the Website, this tool will allow users to provide or withdraw consent for different categories of cookies.
- Browser Settings: Most web browsers allow users to view, manage, delete, and block cookies. Instructions for managing cookies in popular browsers can usually be found in the browser’s help section or support website.13
Disabling certain cookies, particularly essential ones, may affect the functionality and user experience of the Website.
Table 2: Cookies Used on Our Website
(This table provides general examples based on the information that the website uses WordPress and YouTube. It must be populated and verified following a comprehensive cookie audit of https://nsdigitalconsulting.com/. The audit should identify the specific name, provider, type, purpose, and duration/expiry of each cookie.)
Cookie Name | Provider (e.g., NSDigital Consulting, WordPress, YouTube/Google) | Type (e.g., Essential, Analytical, Functional, Marketing) | Purpose | Duration/Expiry |
[WordPress Core Cookies (example)] | WordPress | Essential, Functional | To enable core website functionality, manage user sessions (e.g., for logged-in users), remember preferences. | Varies (e.g., session, persistent) |
[YouTube Cookies (example)] | YouTube (Google) | Functional, Analytical, Marketing | To track video views, remember user preferences (e.g., volume, quality), provide personalized recommendations, potentially display targeted ads. | Varies (e.g., session, persistent) |
[Other cookies identified by audit] | [Provider Name] | [Type] | [Purpose] | [Duration/Expiry] |
Presenting this information in a table is crucial for transparency, enabling users to make informed choices and helping NSDigital Consulting demonstrate compliance with POPIA’s openness and consent requirements.11 A full cookie audit is essential to accurately complete this table.
7. Sharing and Disclosure of Personal Information
NSDigital Consulting does not sell Personal Information to third parties. Personal Information may be shared or disclosed to third parties only in the following limited circumstances:
- Service Providers (Operators): Personal Information may be shared with trusted third-party service providers who perform functions and provide services on behalf of NSDigital Consulting. These may include website hosting, data analysis, email delivery services, IT services, and customer service. These third parties are considered “Operators” under POPIA.6 NSDigital Consulting will ensure that such Operators are contractually bound to:
- Only process Personal Information on documented instructions from NSDigital Consulting.
- Implement appropriate technical and organizational measures to ensure the security and confidentiality of the Personal Information.
- Use the Personal Information solely for the purposes for which it was disclosed.1 The use of any third-party service that processes personal data (e.g., cloud storage, analytics tools) necessitates such contractual agreements to ensure the Operator provides sufficient security guarantees.
- Legal Requirements and Law Enforcement: Personal Information may be disclosed if required to do so by law, regulation, court order, subpoena, or other legal process, or in response to a valid request from a governmental or law enforcement authority.
- Business Transfers: In the event of a merger, acquisition, consolidation, asset sale, bankruptcy, or other corporate restructuring, Personal Information may be transferred as part of the transaction. In such cases, NSDigital Consulting will endeavor to ensure that the receiving party adheres to the principles of this Privacy Policy or provides adequate notice of any changes.
- Protection of Rights and Safety: Personal Information may be disclosed when NSDigital Consulting believes in good faith that disclosure is necessary to protect its rights, property, or safety, or the rights, property, or safety of its users or the public.
NSDigital Consulting remains accountable for Personal Information shared with Operators and must ensure that these third parties uphold POPIA’s security and processing principles.1
8. Data Security
NSDigital Consulting is committed to implementing and maintaining “appropriate, reasonable technical and organisational measures” to protect the Personal Information it processes against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.6 This commitment is a core requirement of POPIA.1
While no method of transmission over the Internet or method of electronic storage is entirely secure, NSDigital Consulting employs a range of security measures designed to protect Personal Information. These may include, but are not limited to:
- Use of secure servers and data centers.
- Implementation of access controls to limit access to Personal Information to authorized personnel on a need-to-know basis.3
- Use of encryption technologies for sensitive data where appropriate.
- Regular review and updating of security practices and technologies.2
It is important to acknowledge that absolute security cannot be guaranteed on the internet.3 However, NSDigital Consulting takes its security obligations seriously and strives to use commercially acceptable means to protect Personal Information. The nature of “reasonable technical and organisational measures” is dynamic; therefore, security practices must be subject to ongoing assessment and enhancement to address evolving threats and technological advancements.
Data Breach Notification (Security Compromise)
In the unfortunate event of a data breach (referred to as a “security compromise” under POPIA) where there are reasonable grounds to believe that Personal Information has been accessed or acquired by an unauthorized person, NSDigital Consulting will adhere to its notification obligations under POPIA.6 This includes:
- Notifying the Information Regulator of South Africa as soon as reasonably possible after the discovery of the compromise.6 This notification may be done via the Information Regulator’s online eServices Portal.6
- Notifying the affected data subjects as soon as reasonably possible, unless law enforcement officials request a delay if notification would impede a criminal investigation.6
The notification to data subjects will be in writing and communicated via appropriate channels (e.g., email to the last known address, a prominent notice on the Website).1 The notification will include:
- A description of the possible consequences of the security compromise.
- A description of the measures NSDigital Consulting has taken or intends to take to address the compromise.
- Recommendations on measures data subjects can take to mitigate the potential adverse effects of the compromise.
- If known, the identity of the unauthorized person who may have accessed or acquired the Personal Information.6
NSDigital Consulting will also establish and maintain an incident response plan to effectively manage and mitigate the impact of any security compromises.2
9. Data Retention
NSDigital Consulting will retain Personal Information only for as long as it is necessary to fulfill the specific purposes for which it was collected, as outlined in this Privacy Policy, or as required or permitted by applicable law.1 This aligns with POPIA’s principles of “Purpose Specification” and “Processing Limitation,” which stipulate that data should not be retained for longer than necessary.2
The criteria used to determine data retention periods include:
- The duration of the user’s relationship with NSDigital Consulting.
- The necessity of the information for providing requested services or responding to inquiries.
- Applicable legal, regulatory, or contractual retention requirements (e.g., financial record-keeping, tax laws).
- The need to resolve disputes, enforce agreements, or protect legal rights.
Once Personal Information is no longer required for its collected purpose and there is no legal basis for its continued retention, NSDigital Consulting will take reasonable steps to securely destroy or de-identify (anonymize) the information in a manner that prevents its reconstruction or use.2 Over-retention of data unnecessarily increases risk; therefore, adherence to defined retention schedules is crucial for minimizing potential exposure in the event of a security compromise and demonstrating compliance with POPIA’s data minimization principles. While this policy states the principle, NSDigital Consulting should operationalize this by defining specific retention periods for different categories of data.
10. Your Rights Under POPIA
Under POPIA, data subjects have several rights concerning their Personal Information. NSDigital Consulting is committed to upholding these rights. Users may exercise the following rights:
- Right to be Notified: The right to be notified that their Personal Information is being collected and processed.2 This Privacy Policy serves, in part, to fulfill this obligation.
- Right of Access: The right to request confirmation of whether NSDigital Consulting holds Personal Information about them, and to request access to that Personal Information and related details.2
- Right to Rectification: The right to request the correction of any Personal Information held by NSDigital Consulting that is inaccurate, incomplete, or misleading.2
- Right to Erasure (Right to be Forgotten): The right to request the deletion or destruction of their Personal Information under certain conditions, such as when the information is no longer necessary for the original purpose of processing, consent is withdrawn (and there is no other legal ground for processing), or the processing is unlawful.2
- Right to Object to Processing: The right to object, on reasonable grounds relating to their particular situation, to the processing of their Personal Information where processing is based on legitimate interests or public interest. Users also have an absolute right to object to the processing of their Personal Information for direct marketing purposes.2
- Right to Restrict Processing: The right to request the restriction of processing of their Personal Information under certain circumstances, for example, while the accuracy of the data is being contested or if the processing is unlawful but the user opposes erasure.
- Right to Withdraw Consent: Where the processing of Personal Information is based on consent, the right to withdraw that consent at any time.1 The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
- Right Not to be Subject to Automated Decision-Making: The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, except under certain conditions.2 (This is likely of limited applicability to NSDigital Consulting’s current website operations but is included for completeness).
- Right to Lodge a Complaint: The right to lodge a complaint with the Information Regulator of South Africa if they believe that their rights under POPIA have been infringed.2
How to Exercise Your Rights:
To exercise any of these rights, users should contact NSDigital Consulting’s Information Officer using the contact details provided in Section 15 (“Contact Us / Information Officer”). Requests should be made in writing, and NSDigital Consulting may require proof of identity to process the request, ensuring that Personal Information is not disclosed to unauthorized individuals. NSDigital Consulting will respond to legitimate requests in accordance with the timeframes and requirements stipulated by POPIA. POPIA provides specific forms for certain requests (e.g., Form 1 for objecting to processing, Form 2 for requesting correction or deletion) 4; while these forms are not hosted here, requests can be made directly to the Information Officer.
Effectively enabling these rights requires NSDigital Consulting to have internal procedures in place to handle such requests efficiently and compliantly. This is a key aspect of the “Data Subject Participation” condition of lawful processing under POPIA.1
11. International Data Transfers
Personal Information collected by NSDigital Consulting is primarily processed and stored within South Africa. However, in certain circumstances, Personal Information may be transferred to, and processed in, countries outside of South Africa. This may occur, for example, if NSDigital Consulting utilizes cloud-based services or service providers whose servers are located internationally. Many common cloud services for email, hosting, or analytics may involve data storage or processing outside South Africa, which constitutes an international data transfer under POPIA.
POPIA imposes restrictions on the transfer of Personal Information to foreign countries.2 If Personal Information is transferred outside of South Africa, NSDigital Consulting will take appropriate steps to ensure that the transfer is lawful and that the Personal Information receives an adequate level of protection in the recipient country. These safeguards may include:
- Ensuring that the recipient country has data protection laws that provide a level of protection substantially similar to that afforded by POPIA.
- Obtaining the data subject’s explicit consent for the transfer, after informing them of any potential risks.
- Implementing contractual clauses (e.g., Standard Contractual Clauses approved by the Information Regulator or a competent authority) that require the recipient to protect the Personal Information in accordance with POPIA’s standards.3
- The transfer being necessary for the performance of a contract between the data subject and NSDigital Consulting, or for the implementation of pre-contractual measures taken in response to the data subject’s request.2
- The transfer being necessary for the conclusion or performance of a contract concluded in the interest of the data subject between NSDigital Consulting and a third party.2
NSDigital Consulting will exercise due diligence in selecting international service providers and in implementing appropriate safeguards for any transborder information flows.
12. Children’s Privacy
The Website and the services offered by NSDigital Consulting are not directed at, nor intended for use by, individuals under the age of 18 (“children”). NSDigital Consulting does not knowingly collect Personal Information from children without verifiable parental or guardian consent.3 POPIA affords special protection to the Personal Information of children, often treating it as “special personal information” or requiring consent from a competent person.
If NSDigital Consulting becomes aware that it has inadvertently collected Personal Information from a child without the necessary consent, it will take prompt steps to delete such information from its records. If a parent or guardian believes that their child has provided Personal Information to NSDigital Consulting without their consent, they should contact the Information Officer using the details in Section 15. This clause demonstrates a comprehensive approach to privacy by addressing common risk areas, even if less directly applicable to a B2B service model.
13. Links to Other Websites
The Website may contain links to other websites that are not operated or controlled by NSDigital Consulting (“Third-Party Websites”). This Privacy Policy applies only to the NSDigital Consulting Website. It does not extend to Third-Party Websites. NSDigital Consulting is not responsible for the privacy practices or content of such Third-Party Websites.
Users are encouraged to review the privacy policies of any Third-Party Websites they visit before providing any Personal Information to them. This clause serves to manage user expectations and limit NSDigital Consulting’s liability concerning the privacy practices of external sites, thereby preventing potential misunderstandings.
14. Changes to This Privacy Policy
NSDigital Consulting reserves the right to update or modify this Privacy Policy at any time to reflect changes in its practices, service offerings, or applicable laws. When changes are made, the “Effective Date” at the top of this Privacy Policy will be revised.
For material changes to this Privacy Policy, NSDigital Consulting will notify users by appropriate means, such as by posting a prominent notice on the Website or, where feasible and appropriate, by direct communication (e.g., email to users for whom contact information is held). Users are encouraged to review this Privacy Policy periodically to stay informed about how NSDigital Consulting is protecting their Personal Information. Continued use of the Website after any changes to this Privacy Policy constitutes acceptance of those changes. While POPIA does not mandate a specific update frequency like the CCPA’s 12-month requirement 15, maintaining an accurate and up-to-date policy is crucial for ongoing compliance and transparency.2 A transparent update process is vital for maintaining user trust.
15. Contact Us / Information Officer
For any questions, concerns, or comments regarding this Privacy Policy, the processing of Personal Information by NSDigital Consulting, or to exercise any of the rights afforded under POPIA, users should contact NSDigital Consulting’s designated Information Officer.
The appointment of an Information Officer is a statutory requirement under POPIA.2 This individual is responsible for ensuring NSDigital Consulting’s compliance with POPIA and serves as the primary point of contact for data subjects and the Information Regulator on data protection matters.
Information Officer Details:
- Name/Title:
- Email Address: nicholas@nsdigitalconsulting.com (or a dedicated privacy/IO email address) 5
- Postal Address: The Office: Claremont, Cape Town, South Africa (or a specific address for privacy inquiries) 5
Information Regulator of South Africa:
Data subjects also have the right to lodge a complaint with the Information Regulator of South Africa if they believe their data protection rights have been violated. The Information Regulator can be contacted at:
- Website: https://inforegulator.org.za/
- Email for Complaints (verify current): complaints.IR@justice.gov.za or POPIAComplaints@inforegulator.org.za
- General Enquiries Email (verify current): inforeg@justice.gov.za